In June, the India-based software vendor Conceptworld Corporation unintentionally distributed information-stealing malware inside its main software products. The affected tools are Notezilla, a sticky notes app; RecentX, a tool for managing recently used files, folders, applications, and clipboard data; and Copywhiz, a file copying, organizing, and backup tool.
Researchers from Rapid7 discovered that the installation packages for these products were compromised, embedding rudimentary infostealing malware, dubbed dllFake. Rapid7 informed Conceptworld on June 24, and the company promptly removed the malicious installers, replacing them with legitimate, signed copies within 12 hours.
The attackers bundled their malware with the legitimate software installers, most likely after compromising the vendor's web servers and swapping the hosted files. The trojanized packages were unsigned and slightly larger than the genuine ones, but the real installer still ran, so users saw only the expected setup window and nothing that immediately pointed to the malware.
The never-ending story of software supply chain corruption!
Software Productivity Tools Hijacked to Deliver Infostealers
Innocuous little Windows programs were carrying cheap malware for weeks, exposing customers of the software vendor to data theft. https://t.co/k75NfCwE3A — tresronours cybersec (@tresronours) July 4, 2024
dllFake belongs to a previously unidentified malware family that has been active since January. It steals data from cryptocurrency wallets and from browsers such as Google Chrome and Mozilla Firefox, logs keystrokes and clipboard contents, and can download and execute additional payloads. Although it does its job, the malware is not sophisticated: it relies on plaintext indicators and batch scripts.
Users are advised to treat any software download, especially free ones, with caution. Before running an installer, compare its file size against the vendor's published value, confirm that the Authenticode signature is valid and issued to the expected publisher, check the file hash against the vendor's published hash and against hash-reputation services, and use a freely available sandbox to observe what the installer actually does.
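The three file-level checks above (size, signature, hash) can be scripted so they run every time before an installer is launched. The following PowerShell function is an added example written for this article, not code from Rapid7 or Conceptworld, and it assumes the vendor publishes a SHA-256 hash and a file size for each download; the file name, hash, size and signer name in the usage call are placeholders.

```powershell
# Added example: pre-install integrity checks for a downloaded Windows installer.
# Not code from Rapid7 or Conceptworld. Expected hash, size and signer are assumed
# to come from the vendor's download page; the values used below are placeholders.
function Test-InstallerIntegrity {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,   # SHA-256 published by the vendor (assumed)
        [Parameter(Mandatory)] [string] $ExpectedSubject,  # substring of the expected signer's subject (assumed)
        [long]   $ExpectedSizeBytes = 0,                   # size from the vendor's download page, if listed
        [double] $SizeTolerance = 0.02                     # 2% slack for minor legitimate rebuilds
    )

    $findings = @()
    $file = Get-Item -LiteralPath $Path

    # 1. Size: a trojanized installer that carries an extra payload is usually larger than the genuine one.
    if ($ExpectedSizeBytes -gt 0) {
        $delta = [math]::Abs($file.Length - $ExpectedSizeBytes) / $ExpectedSizeBytes
        if ($delta -gt $SizeTolerance) {
            $findings += "Size {0} bytes deviates {1:P1} from the expected {2} bytes" -f $file.Length, $delta, $ExpectedSizeBytes
        }
    }

    # 2. Authenticode: the swapped packages were unsigned, so require a Valid status
    #    and a signer whose subject names the expected publisher.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        $findings += "Signature status is '$($sig.Status)' (expected 'Valid')"
    } elseif ($sig.SignerCertificate.Subject -notlike "*$ExpectedSubject*") {
        $findings += "Signed, but by '$($sig.SignerCertificate.Subject)' rather than the expected publisher"
    }

    # 3. Hash: compare with the vendor-published SHA-256. The same value can be pasted into a
    #    hash-reputation service; PowerShell string comparison is case-insensitive, so hex case does not matter.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($hash -ne $ExpectedSha256) {
        $findings += "SHA-256 $hash does not match the expected $ExpectedSha256"
    }

    [pscustomobject]@{
        Path     = $file.FullName
        Size     = $file.Length
        Sha256   = $hash
        Signer   = $sig.SignerCertificate.Subject
        Status   = $sig.Status
        Passed   = ($findings.Count -eq 0)
        Findings = $findings
    }
}

# Usage with placeholder values: run before launching the installer and refuse to install when Passed is $false.
Test-InstallerIntegrity -Path '.\ExampleSetup.exe' `
    -ExpectedSha256 '0000000000000000000000000000000000000000000000000000000000000000' `
    -ExpectedSubject 'Example Publisher' `
    -ExpectedSizeBytes 12345678 | Format-List
```

A size check alone is weak, since a legitimate rebuild also changes the size, which is why the function treats it as one finding among three and gives the signature and hash checks the final say. The sandbox step from the text is deliberately left out here: behavioural analysis belongs in an isolated VM or an online sandbox, not in a script run on the machine you are trying to protect.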
Ensuring the legitimacy of software downloads is crucial to protect against hidden malware threats.
Abdul Rehman
Abdul is a tech-savvy, coffee-fueled, and creatively driven marketer who loves keeping up with the latest software updates and tech gadgets. He's also a skilled technical writer who can explain complex concepts simply for a broad audience. Abdul enjoys sharing his knowledge of the Cloud industry through user manuals, documentation, and blog posts.